stepfunctions-tasks: mwaa service generates wrong action in role policy #28081
Description
Describe the bug
The following code properly creates a step in Step Functions:
```ts
const listEnvs = new sfn_tasks.CallAwsService(stack, 'ListMWAAEnvironments', {
  service: 'mwaa',
  action: 'listEnvironments',
  resultPath: sfn.JsonPath.DISCARD,
  iamResources: ['*'],
});
```
However, it creates the wrong statement in the role policy.
```json
{
  "Action": "mwaa:listEnvironments",
  "Resource": "*",
  "Effect": "Allow"
}
```
The correct service prefix for MWAA is airflow.
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonmanagedworkflowsforapacheairflow.html
Amazon Managed Workflows for Apache Airflow (service prefix: airflow) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.
This issue is similar to #27573.
Expected Behavior
Action should be airflow:listEnvironments
Current Behavior
Action is mwaa:listEnvironments
Reproduction Steps
Sample code for reproduction is below:
```ts
import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
import {
  aws_stepfunctions as sfn,
  aws_stepfunctions_tasks as sfn_tasks,
} from 'aws-cdk-lib';

export class SfnMwaaStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    // Task that calls the MWAA ListEnvironments API; created inside this stack.
    const listEnvs = new sfn_tasks.CallAwsService(this, 'ListMWAAEnvironments', {
      service: 'mwaa',
      action: 'listEnvironments',
      resultPath: sfn.JsonPath.DISCARD,
      iamResources: ['*'],
    });

    // The state machine role receives the policy statement generated for the task.
    new sfn.StateMachine(this, 'SimpleStateMachine', {
      definitionBody: sfn.DefinitionBody.fromChainable(listEnvs)
    });
  }
}
```
Possible Solution
Adding mwaa into iamServiceMap. I'll submit a PR later.
aws-cdk/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/aws-sdk/call-aws-service.ts
Lines 92 to 95 in 25ee8ef
```ts
const iamServiceMap: Record<string, string> = {
  sfn: 'states',
  cloudwatchlogs: 'logs',
};
```
Additional Information/Context
No response
CDK CLI Version
v2.110.0
Framework Version
No response
Node.js Version
v18.17.1
OS
Linux
Language
TypeScript
Language Version
No response
Other information
No response
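
A check for the mismatch reported in this issue, as an added example that is not part of the original issue or of aws-cdk: it scans IAM policy statements (for instance, ones copied from a synthesized template) for actions whose prefix is an SDK service identifier rather than the IAM service prefix. The function, type and constant names are hypothetical; the mapping holds only the two entries from the quoted `iamServiceMap` plus the `mwaa` to `airflow` pair the issue proposes.

```typescript
// Added example, not aws-cdk code. SDK service identifier -> IAM service prefix.
// 'sfn' and 'cloudwatchlogs' come from the iamServiceMap quoted in the issue;
// 'mwaa' -> 'airflow' is the entry the issue proposes to add.
const SDK_TO_IAM_PREFIX = new Map<string, string>([
  ['sfn', 'states'],
  ['cloudwatchlogs', 'logs'],
  ['mwaa', 'airflow'],
]);

interface Statement {
  Effect: string;
  Action: string | string[];
  Resource: string | string[];
}

interface Finding {
  statementIndex: number;
  action: string;     // action as written in the policy
  suggested: string;  // same action with the IAM service prefix
}

// Flag every action whose prefix is an SDK identifier instead of the IAM prefix.
function findMisprefixedActions(statements: Statement[]): Finding[] {
  const findings: Finding[] = [];
  statements.forEach((stmt, statementIndex) => {
    // IAM allows Action to be a single string or a list of strings.
    const actions = Array.isArray(stmt.Action) ? stmt.Action : [stmt.Action];
    for (const action of actions) {
      const sep = action.indexOf(':');
      if (sep < 0) continue; // "*" or malformed: no service prefix to compare
      // Action names are case-insensitive in IAM, so compare in lower case.
      const iamPrefix = SDK_TO_IAM_PREFIX.get(action.slice(0, sep).toLowerCase());
      if (iamPrefix !== undefined) {
        findings.push({ statementIndex, action, suggested: iamPrefix + action.slice(sep) });
      }
    }
  });
  return findings;
}

// Constructed sample: the statement from this issue plus correctly prefixed ones.
const sampleStatements: Statement[] = [
  { Effect: 'Allow', Action: 'mwaa:listEnvironments', Resource: '*' },
  { Effect: 'Allow', Action: ['states:StartExecution', 'logs:PutLogEvents'], Resource: '*' },
  { Effect: 'Allow', Action: 'airflow:listEnvironments', Resource: '*' },
];
```

Calling `findMisprefixedActions(sampleStatements)` reports only the first statement and suggests `airflow:listEnvironments`.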